Microsoft Remote Desktop Protocol Remote Code Execution Vulnerability (2723135) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS12-053.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code as the logged-on user or cause a denial of service condition. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-053

Insight

The flaw is due to an error within Remote Desktop Services when accessing an object in memory after it has been deleted. This can be exploited by sending a sequence of specially crafted RDP packets to the target system.

Affected

Microsoft Windows XP x32 Edition Service Pack 3 and prior

References

http://secunia.com/advisories/50244/
http://support.microsoft.com/kb/2723135
http://technet.microsoft.com/en-us/security/bulletin/ms12-053
http://www.securelist.com/en/advisories/50244

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2526

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2870699)
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
Buffer Overrun in the ListBox and in the ComboBox (824141)
.NET JIT Compiler Vulnerability

Take action and discover your vulnerabilities